PASSGUIDE EC0-350 BRAINDUMPS 1
Exam Name: ethical hacking and countermeasures
Exam Type EC-Council
Exam Code: EC0-350 Total Questions: 500
An attacker runs netcat tool to transfer a secret file between two hosts.
Machine A: netcat -l -p 1234 < secretfile
Machine B: netcat 192.168.3.4 > 1234
He is worried about information being sniffed on the network. How would the attacker use netcat
to encrypt the information before transmitting onto the wire?
A. Machine A: netcat -l -p -s password 1234 < testfile
Machine B: netcat
B. Machine A: netcat -l -e magickey -p 1234 < testfile
Machine B: netcat
C. Machine A: netcat -l -p 1234 < testfile -pw password
Machine B: netcat
D. Use cryptcat instead of netcat
Answer: D
Jess the hacker runs L0phtCrack’s built-in sniffer utility that grabs SMB password hashes and
stores them for offline cracking. Once cracked, these passwords can provide easy access to
whatever network resources the user account has access to. But Jess is not picking up hashes
from the network. Why?
A. The physical network wire is on fibre optic cable
B. The network protocol is configured to use IPSEC
C. The network protocol is configured to use SMB Signing
D. L0phtCrack SMB sniffing only works through Switches and not Hubs
Answer: C
Jack is conducting a port scan of a target network. He knows that his target network has a web
server and that a mail server is up and running. Jack has been sweeping the network but has not
been able to get any responses from the remote target. Check all of the following that could be a
likely cause of the lack of response?
A. The host might be down
B. UDP is filtered by a gateway
C. ICMP is filtered by a gateway
D. The TCP window size does not match
E. The destination network might be down
F. The packet TTL value is too low and cannot reach the target
Answer: A, C, E, F
You are attempting to map out the firewall policy for an organization. You discover your target
system is one hop beyond the firewall. Using hping2, you send SYN packets with the exact TTL
of the target system starting at port 1 and going up to port 1024. What is this process known as?
A. Firewalking
B. Footprinting
C. Enumeration
D. Idle scanning
Answer: A
Question: 11
How would you prevent session hijacking attacks?
A. Using biometrics access tokens secures sessions against hijacking
B. Using non-Internet protocols like http secures sessions against hijacking
C. Using hardware-based authentication secures sessions against hijacking
D. Using unpredictable sequence numbers secures sessions against hijacking
Answer: D
What does the term ‘Hacktivism’ means?
A. Someone who is hacking for a cause
B. Someone that has an urge to constantly hack
C. Someone who subscribe to hacker’s magazine
D. Someone who has at least 12 years of hacking experience
Answer: A
During the intelligence-gathering phase of a penetration test, you discover a press release by a
security products vendor stating that they have signed a multi-million dollar agreement with the
company you are targeting. The contract was for vulnerability assessment tools and network
based IDS systems.
While researching on that particular brand of IDS you notice that its default installation allows it to
perform sniffing and attack analysis on one NIC and is managed and sends reports via another
NIC. The sniffing interface is completely unbound from the TCP/IP stack by default. Assuming the
defaults were used, how can you detect these sniffing interfaces?
A. The sniffing interface cannot be detected
B. Send attack traffic and look for it to be dropped by the IDS
C. Use a ping flood against the IP of the sniffing NIC and look for latency in the responses
D. Set your IP to that of the IDS and look for it to begin trying to knock your computer off the
network
Answer: A
Matthew re-injects a captured wireless packet back onto the network. He does this hundreds of
times within a second. The packet is correctly encrypted and Matthew assumes it is an ARP
request packet. The wireless host responds with a stream of responses, all individually encrypted
with different IVs. What is this attack most appropriately called?
A. Spoof attack
B. Replay attack
C. Injection attack
D. Rebound attack
Answer: B
John is discussing security with Jane; she mentioned a few times to John that she suspects an
LKM was installed on her server and this is why it has been acting so erratically lately. LKM
stands for Loadable Kernel Module, what does it mean in the context of Linux Security?
A. Loadable Kernel Modules are a mechanism for adding functionality to a filesystem without
requiring a kernel recompilation
B. Loadable Kernel Modules are a mechanism for adding auditing to an operating-system kernel
without requiring a kernel recompilation
C. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system
kernel without requiring a kernel recompilation
D. Loadable Kernel Modules are a mechanism for adding functionality to an operating-system
kernel after it has been recompiled and the system rebooted
Answer: C
Oregon Corp is fighting a litigation suit with Scamster Inc. Oregon has assigned a private
investigative agency to go through garbage, recycled paper, and other rubbish at Scamster’s
office site in order to find relevant information. What would you call this kind of activity?
A. Scanning
B. CI Gathering
C. Dumpster Diving
D. Garbage Scooping
Answer: C
Jonathan being a keen administrator has followed all of the best practices he could find on
securing his Windows Server. He renamed the Administrator account to a new name that cannot
be easily guessed but there remain people who attempt to compromise his newly renamed
administrator account. How can a remote attacker decipher the name of the administrator
account if it has been renamed?
A. The attacker guessed the new name
B. The attacker used the user2sid program
C. The attacker used the sid2user program
D. The attacker used NMAP with the V switch
Answer: C
Recent Comments